poly1305-donna
poly1305-donna copied to clipboard
How difficult to find collisions in this poly1305 implementation?
Hi, we played with poly1305-donna and we like that it's quite fast. We'd like and would like to ask how difficult it is, with this specific implementation, to cause a collision (e.g. generate a different message with the same MAC) for an attacker that would know the secret key passed to poly1305_auth()? Of course, we'd use a key only once per message.
Thank you and sorry for asking here, don't know where else.